From dab0955e5a18fa5e7f88ed9f918f3594549587ee Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Fri, 4 Sep 2009 06:17:56 +0000
Subject: main/net-snmp: CVE-2008-6123, fix textrels

---
 main/net-snmp/APKBUILD            | 24 ++++++++++++++++--------
 main/net-snmp/CVE-2008-6123.patch | 19 +++++++++++++++++++
 2 files changed, 35 insertions(+), 8 deletions(-)
 create mode 100644 main/net-snmp/CVE-2008-6123.patch

(limited to 'main/net-snmp')

diff --git a/main/net-snmp/APKBUILD b/main/net-snmp/APKBUILD
index ac497cb9..26cf67d6 100644
--- a/main/net-snmp/APKBUILD
+++ b/main/net-snmp/APKBUILD
@@ -2,21 +2,24 @@
 # Maintainer: Carlo Landmeter <clandmeter@gmail.com>
 pkgname=net-snmp
 pkgver=5.4.2.1
-pkgrel=0
+pkgrel=1
 pkgdesc="Simple Network Management Protocol"
 url="http://www.net-snmp.org/"
 license="GPL"
 depends=
-makedepends="perl-dev"
+makedepends="perl-dev openssl-dev"
 subpackages="$pkgname-doc $pkgname-dev $pkgname-tools"
 source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
-snmpd.initd
-snmpd.confd
-snmptrapd.initd
-snmptrapd.confd"
+	snmpd.initd
+	snmpd.confd
+	snmptrapd.initd
+	snmptrapd.confd
+	CVE-2008-6123.patch
+	"
 
 build() {
 	cd "$srcdir/$pkgname-$pkgver"
+	patch -p0 -i ../CVE-2008-6123.patch || return 1
 
 	export lt_cv_sys_max_cmd_len=8192
 
@@ -30,8 +33,12 @@ build() {
 		--with-logfile="/var/log/net-snmpd.log" \
 		--enable-ucd-snmp-compatibility \
 		--with-persistent-directory="/var/lib/net-snmp" \
+		--with-openssl \
+		--enable-ipv6 \
 		--enable-shared \
-		--enable-as-needed
+		--enable-as-needed \
+		--disable-embedded-perl
+		# embedded-perl seems to create TEXTREL's
 
 	make -j1 || return 1
 	make -j1 DESTDIR="$pkgdir" install
@@ -54,4 +61,5 @@ md5sums="984932520143f0c8bf7b7ce1fc9e1da1  net-snmp-5.4.2.1.tar.gz
 941e257218aa773b33696a2c7222a14e  snmpd.initd
 96510a2f3bc9f21648b03f7e8d76c0d3  snmpd.confd
 c5198c350991637849595dba93019bda  snmptrapd.initd
-363f7728a76bdfc46e29b7e1f5cf4950  snmptrapd.confd"
+363f7728a76bdfc46e29b7e1f5cf4950  snmptrapd.confd
+e8eac801c76e03bca7e7bf6b267b0d3d  CVE-2008-6123.patch"
diff --git a/main/net-snmp/CVE-2008-6123.patch b/main/net-snmp/CVE-2008-6123.patch
new file mode 100644
index 00000000..b4b06f63
--- /dev/null
+++ b/main/net-snmp/CVE-2008-6123.patch
@@ -0,0 +1,19 @@
+diff -Naur snmplib.orig/snmpUDPDomain.c snmplib/snmpUDPDomain.c
+--- snmplib.orig/snmpUDPDomain.c	2007-10-11 22:46:30.000000000 +0200
++++ snmplib/snmpUDPDomain.c	2009-07-10 23:41:37.000000000 +0200
+@@ -104,12 +110,12 @@
+ 	char tmp[64];
+         to = (struct sockaddr_in *) &(addr_pair->remote_addr);
+         if (to == NULL) {
+-            sprintf(tmp, "UDP: [%s]->unknown",
++            sprintf(tmp, "UDP: unknown->[%s]",
+                     inet_ntoa(addr_pair->local_addr));
+         } else {
+-            sprintf(tmp, "UDP: [%s]->", inet_ntoa(addr_pair->local_addr));
+-            sprintf(tmp + strlen(tmp), "[%s]:%hd",
++            sprintf(tmp, "UDP: [%s]:%hu->",
+                     inet_ntoa(to->sin_addr), ntohs(to->sin_port));
++            sprintf(tmp + strlen(tmp), "[%s]", inet_ntoa(addr_pair->local_addr));
+         }
+         return strdup(tmp);
+     }
-- 
cgit v1.2.3